REMARKS

The Examiner has rejected Claims 1-4, 18-22, 36 and 39 under 35 U.S.C. 103(a) 
as being unpatentable over Shostack et al. (U.S. Patent No. 6,298,445) in view of 
Fujimori (U.S. Patent No. 6,681,213). Applicant respectfully disagrees with such 
rejection for the reasons stated below. 

With respect to independent Claims 1, 18 and 36, the Examiner has relied on the
following excerpt from Fujimori to make a prior art showing of applicant's claimed 
"determining whether the risk assessment scan involves an intermediate device coupled 
between the target and the remote source." 

"Each of the authorized nodes has a normal mode and a protected
mode for its data input/output operation. On a communication
network constituted only by authorized nodes, each of the nodes
is allowed to freely input and output (communicate) data in the
normal mode. The monitor node, which is also connected to the
communication network, detects when an unauthorized node is
connected to the network, and then instructs each of the
authorized nodes to input and output data in the protected mode."
(Col. 2, lines 1-9) 

The Examiner further argues that Fujimori discloses "detecting an unauthorized 
node coupled between the authorized node and the monitor node." Applicant respectfully 
disagrees with this assertion. It appears that the Examiner is relying on Fujimori's 
unauthorized node to meet applicant's claimed "intermediate node." However, in doing
so, Fujimori simply does not meet applicant's claimed "determining whether the risk
assessment scan involves an intermediate device coupled between the target and the
remote source" (emphasis added).

Specifically, Fujimori's authorized node and monitor node do not meet 
applicant's claimed target and remote source, as the authorized node is not the target of 
the risk assessment scan in Fujimori. The only interaction between the monitor node and
the authorized node is the passing of instructions, which does not meet risk assessment 
scanning of the target. It appears that this paramount discrepancy is rooted in the fact
that Fujimori scans for and detects just unauthorized nodes, while applicant claims risk 
assessment scanning the target, and carrying out additional operations based on the 
presence of an intermediate device. 

Further, the Examiner has relied on the following excerpt from Shostack to make 
a prior art showing of applicant's claimed "notifying an administrator if it is determined 
that the risk assessment scan involves the intermediate device." 

"A first application 48 of the NSD 16 provides a real-time
intrusion detection notification system. In one embodiment, the
first application 48 takes an action which may include sending an
alarm to a system administrator if an intrusion is detected."
(emphasis added - Col. 6, lines 5S-56) 

Shostack's teaching of "sending an alarm to a system administrator if an intrusion 
is detected" as emphasized in the excerpt above is significantly different from applicant's
claim language. In particular, applicant claims "notifying an administrator if it is
determined that the risk assessment scan involves the intermediate device" and NOT
simply if an intrusion is detected. There is simply no suggestion in Shostack of any sort
of determination as to whether a risk assessment scan involves an intermediate device, let 
alone a notification thereof. 

It is further noted that the Examiner has not specifically addressed applicant's 
claimed "wherein additional operations are carried out to improve a risk assessment in 
view of the presence of the intermediate device coupled between the target and the 
remote source" (see this or similar subject matter in each of the aforementioned 
independent claims). 

To establish a prima facie case of obviousness, three basic criteria must be met. 
First, there must be some suggestion or motivation, either in the references themselves or 
in the knowledge generally available to one of ordinary skill in the art, to modify the 
reference or to combine reference teachings. Second, there must be a reasonable
expectation of success. Finally, the prior art reference (or references when combined) 
must teach or suggest all the claim limitations. The teaching or suggestion to make the
claimed combination and the reasonable expectation of success must both be found in the
prior art and not based on applicant's disclosure. In re Vaeck, 947 F.2d 488, 20 USPQ2d
1438 (Fed. Cir. 1991).

Applicant thus respectfully asserts that at least the third element of the prima facie 
case of obviousness has not been met, since the prior art references, when combined, fail 
to teach or suggest all of the claim limitations, as noted above. Nevertheless, despite the 
foregoing paramount distinctions and in the spirit of expediting the prosecution of the 
present application, applicant has clarified each of the independent claims to further 
distinguish the prior art of record. A notice of allowance or a specific prior art showing 
of all of applicant's claim limitations, in combination with the remaining claim elements,
is respectfully requested. 

In addition, the prior art is further deficient with respect to the dependent claims. 
For example, with respect to dependent Claim 3 et al., the Examiner relies on Fujimori's
teaching of a "monitor node" that "detects when an unauthorized node is connected to the
network" (see excerpt of Col. 2, lines 1-9 above) to make a prior art showing of
applicant's claimed "wherein a plurality of procedures are utilized to determine whether
the risk assessment scan involves the intermediate device." Applicant respectfully asserts
that the Examiner's reliance on the above-mentioned excerpt from Fujimori fails to even
suggest applicant's claimed "a plurality of procedures [that] are utilized to determine
whether the risk assessment scan involves the intermediate device," since Fujimori
generally mentions solely a detection of an unauthorized node.

Also, with respect to dependent Claim 4 et al., the Examiner relies on Shostack's 
disclosed "third application 44 [that] provides a map of all ports on the network 20 and
pings all Internet Protocol devices to expose potential security vulnerabilities" (emphasis
added - Col. 7, lines 17-19) to make a prior art showing of applicant's claimed "wherein
at least one of the procedures includes determining a port list associated with the risk
assessment scan." Applicant respectfully asserts that the above excerpt does not teach
"determining a port list associated with the risk assessment scan," since Shostack clearly
discloses providing a map of ALL ports on the network, as opposed to those specifically 
associated with the risk assessment scan. 

Again, applicant respectfully asserts that at least the third element of the prima 
facie case of obviousness has not been met, since the prior art references, when 
combined, fail to teach or suggest all of the claim limitations, as noted above. A notice of 
allowance or a specific prior art showing of all of applicant's claim limitations, in 
combination with the remaining claim elements, is respectfully requested. 

The Examiner has rejected Claims 5-9, 23-27 and 37-38 under 35 U.S.C. 103(a) 
as being unpatentable over Shostack in view of Fujimori and Applicant Admitted Prior 
Art (AAPA). Applicant respectfully disagrees with such rejection. 

With respect to independent Claims 37 and 38, applicant respectfully asserts that 
such claims are deemed allowable for, at least in part, the reasons set forth hereinabove 
with respect to the aforementioned independent claims. It should be further noted that
the present claims further distinguish Fujimori by requiring a "proxy server" instead of an 
"intermediate device," a feature clearly absent in such reference. Also, applicant's 
following claim language (or substantially similar claim language as in Claim 38) is 
simply not met by the prior art references: 

"executing a plurality of procedures to determine whether the risk assessment 
scan involves a proxy server coupled between the target and the remote source;"

"receiving results of the risk assessment scan from the target utilizing the 
network;" and 

"notifying an administrator if the results of the risk assessment scan are flagged." 

Again, applicant respectfully asserts that at least the third element of the prima 
facie case of obviousness has not been met since the prior art references, when combined, 
fail to teach or suggest all of the claim limitations, as noted above. A notice of allowance 
or a specific prior art showing of all of applicant's claim limitations, in combination with
the remaining claim elements, is respectfully requested. 

Thus, all of the independent claims are deemed allowable. Moreover, the 
remaining dependent claims are further deemed allowable, in view of their dependence 
on such independent claims. 

In the event a telephone conversation would expedite the prosecution of this 
application, the Examiner may reach the undersigned at (408) 505-5100. The 
Commissioner is authorized to charge any additional fees or credit any overpayment to 
Deposit Account No. 50-1351 (Order No. NAIIP012/01. 132.01). 



P.O. Box 721120 

San Jose, CA 95172-1120

408-505-5100 